Securing IPv4 to IPv6 tunnel from neighbor discovery attack
Date
2008-06
Authors
Mohammed Yousef, Mohammed Ghaleb
Abstract
The Neighbor Discovery (ND) protocol is very important in any network because it
can provide IP auto-configuration and address resolution, discover other nodes
on the link, determine their link-layer addresses, find routers, and maintain
reachability information about paths to active neighbors. However, a malicious user
can make connections between hosts of local area networks (LAN) and generate
useless ND protocol messages by sending a Neighbor Solicitation with a spoofed
source link-layer address, and a Neighbor Advertisement with a spoofed target
link-layer address. If the spoofed link-layer address is valid and the attacker
responds to the unicast Neighbor Solicitation messages sent as part of the Neighbor
Unreachability Detection, packets will continue to be redirected. In this thesis we
propose a new mechanism which involves adding a new field in the authentication
header, called the secret field, for the purpose of protecting against ND attacks only, and
designing a new algorithm called the SNFunction to digitally sign and hide the
secret number field's value. We will also use a public key to encrypt and a private
key to decrypt the SN field during its transmission in the network to ensure that
the forgery of ND packets is thwarted.
Keywords
The Neighbor Discovery (ND) protocol, can provide IP auto-configuration address resolution